I am thinking about getting Qubes on my PC that I want to use anonymously and securely. Therefore, one of my possible options is Qubes with Whonix VM. Now, I am having the following question before I connect my PC with Qubes to the internet.
All the time before, as I used other Linux distributions with VPN (Mullvad, paid anonymously) which felt safe for me as I had kill switch on.
Should I get Mullvad on Qubes now as well before I configure Tor and access the internet? Although I would use Whonix for my internet activities, it feels weird to connect Qubes itself to the internet without VPN.
as long as you use Mullvad, you should have vpn when you connect to the internet
with tor, it depend on many thing, if you condenser that you need a vpn before connect to tor, you can
Whonix can be used without VPN (should be done in this manner). Whonix can be used with proxy and bridges. Whonix is much more anonymous than a VPN (can’t be sure enough).
So If you are not hardcore fan (you shouldn’t be in light of many popular ones failing trust of buyers) of any VPN, you are better off with them.
Yes, I don’t want to connect my Whonix VM to a VPN, but Qubes itself (if that is possible (I haven’t set it up yet)), and then enter the Whonix VM.
When you use Qubes, you make use of various individual qubes. Usually
these are connected to a firewall qube - sys-firewall - which is
connected to sys-net, which holds the NIC. It’s sys-net that connects
directly to the network.
If you want to use a VPN, you can install it on a qube between
sys-firewall and sys-net. Then attach Whonix-gw to the VPN qube, and all
your Whonix traffic will go through the VPN, as well as non Tor traffic.
You should read this about mixing Tor and VPN.
It’s not recommended unless you are an advanced user who knows how to
configure both in a way that wont compromise your privacy.
I said that “all your traffic will go though the VPN”: this isn’t
strictly true because there is some traffic from sys-net, both from the
qube itself, and from Qubes system services.
You can solve this by changing global parameters to use some other
qube than sys-net for these services, and setting the firewall in sys-net
to block all outbound traffic originating from sys-net.
Thank you very much. I see, it’s a playfield for experts, which I am not. I might leave it as it is and just use Qubes + Whonix out of the box, and always Tor browser. I think this way I’ll have a great amount of privacy/anonymity, right?